|
|
|
 |
Vulnerability Note VU#345233McAfee Virex fails to properly authenticate the source of updatesOverviewMcAfee Virex automatic updates may not properly authenticate the source of updates. This may allow a remote attacker to execute arbitrary commands on a vulnerable system.I. DescriptionMcAfee Virex is anti-virus software for the Mac OS X platform. McAfee Virex 7 for Mac OS X connects to a remote FTP server to retrieve updates. However, Virex fails to properly authenticate the server or the contents of the retrieved updates. This may allow a remote attacker to spoof the update server and its contents, allowing that attacker to download and execute arbitrary commands on a Virex client system.II. ImpactA remote attacker can execute arbitrary commands.III. SolutionApply a patch from McAfee VirexA patch to address this issue is available by visiting the McAfee SecurityCenter and clicking the update button.
References
Thanks to Anthony Bellissimo, John Burgess, and Kevin Fu for reporting this vulnerability. This document was written by Jeff Gennari.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader